Sitecore Managed Cloud - How to remove Application Gateway (WAF)


Overview

This article outlines the service provided by Sitecore for the removal of an Application Gateway (AGW) with Web Application Firewall (WAF) functionality.

It details the situations in which you should create this service request (SR), the prerequisites, considerations, and service level agreement (SLA) associated with the service.

Situations to Create this SR

You should create this service request when you want to delete an existing AGW including the WAF policy from a PaaS 1.0 environment. This is typically required when consolidating resources, updating your network infrastructure, or changing your content delivery strategy.

*If the target AGW (+WAF) was created by you rather than by Sitecore, it is treated as your custom resource and its deletion is outside our service scope. In that case, you must delete it yourself.

Prerequisites

Before creating the SR to remove the AGW, ensure the following steps are completed:

  1. Add all custom domain names in CD:
    Ensure all custom domain names are added to the Content Delivery endpoint.
  2. Upload all custom domain certificates in CD:
    Upload the necessary certificates to the Content Delivery endpoint.
  3. Remove the CD IP restriction:
    Remove any IP restrictions on the Content Delivery endpoint.
  4. Change the custom domain DNS records:
    • [Optional]: Before updating the DNS records, test the routing using the local "hosts" file.
    • [No DR]: Update the DNS records to point from the AGW public IP (A record) to the CD endpoint (CNAME).
    • [Have DR]: No need to change the DNS records as all DNS should be pointing to the DR TM (Traffic Manager) endpoint. Ask Sitecore support to change the DR TM endpoint list first (from AGW to primary CD), then continue to the next step.
  5. Perform testing:
    Verify that all custom domains are functioning correctly.
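
The prerequisites above can be checked per domain before the SR is raised. The following is an added example, not Sitecore tooling: it evaluates a constructed inventory (placeholder domain names, a documentation-range IP for the AGW, and a placeholder CD hostname) and reports which custom domains would break once the AGW is gone, including the case where a wildcard certificate does not cover a deeper subdomain.

```python
# Added example: constructed inventory, no network access. All names are placeholders.
AGW_IP = "203.0.113.10"        # AGW public IP (documentation range, assumed)
CD_HOST = "cd.example.net"     # CD endpoint hostname (placeholder, assumed)

def cert_covers(host, sans):
    """True if a SAN matches host; a wildcard covers one left-most label only."""
    host = host.lower().rstrip(".")
    for san in (s.lower() for s in sans):
        if san == host:
            return True
        if san.startswith("*.") and "." in host and host.split(".", 1)[1] == san[2:]:
            return True
    return False

def dns_state(record, tm_host=None):
    """Classify a (type, value) DNS record relative to the AGW, CD and DR TM."""
    rtype, value = record[0].upper(), record[1].lower().rstrip(".")
    if rtype == "A" and value == AGW_IP:
        return "still-on-agw"
    if rtype == "CNAME" and value == CD_HOST:
        return "on-cd"
    if rtype == "CNAME" and tm_host and value == tm_host.lower():
        return "on-tm"
    return "unknown"

def readiness(domains, cd_bindings, cd_cert_sans, dns, tm_host=None):
    """Map each custom domain to its blocking issues; [] means ready."""
    bound = {b.lower() for b in cd_bindings}
    expected = "on-tm" if tm_host else "on-cd"   # with DR, DNS stays on the TM
    report = {}
    for d in domains:
        issues = []
        if d.lower() not in bound:
            issues.append("not bound on CD")
        if not cert_covers(d, cd_cert_sans):
            issues.append("no CD certificate covers it")
        state = dns_state(dns[d], tm_host)
        if state != expected:
            issues.append(f"DNS is {state}, expected {expected}")
        report[d] = issues
    return report

SAMPLE = readiness(  # constructed sample data
    domains=["www.example.com", "shop.example.com", "api.eu.example.com"],
    cd_bindings=["www.example.com", "shop.example.com"],
    cd_cert_sans=["*.example.com"],
    dns={"www.example.com": ("CNAME", "cd.example.net."),
         "shop.example.com": ("A", "203.0.113.10"),
         "api.eu.example.com": ("CNAME", "cd.example.net")},
)
```

In practice the inventory would be filled from the CD endpoint's domain and certificate bindings and from a DNS lookup of each custom domain.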

Service Level Agreement (SLA)

The removal process for the AGW (including WAF policy) will be completed within 3 business days from the creation of the service request. 

Scope of Support

The Sitecore Managed Cloud team provides Limited Support for Managed Cloud Standard customers using the Azure AG + WAF enabled product with their Sitecore implementation. This Limited Support scope includes the Azure WAF component with Azure Application Gateway.

RACI matrix

The following table indicates the roles and responsibilities associated with key considerations when planning the removal of Application GW (WAF).

| Task | Sitecore | Customer |
|------|----------|----------|
| Add all custom domain names to the Content Delivery (CD) endpoint | C, I | R, A |
| Upload all custom domain certificates to the CD endpoint | C, I | R, A |
| Remove IP restrictions on the CD endpoint | C, I | R, A |
| Update custom domain DNS records from AGW public IP to CD endpoint | C, I | R, A |
| Conduct testing to ensure all custom domains are functioning correctly | C, I | R, A |
| Create a Service Request (SR) to remove the AGW, including the WAF policy | C, I | R, A |
| Update the CD ping test URL to point to the CD | R, A | C, I |
| Modify the TM endpoint list, DR script, and DR ping test (if Disaster Recovery is applicable) | R, A | C, I |
| Remove the four AGW-related resources: Application Gateway, WAF Policy, Public IP address, Virtual network | R, A | C, I |

Legend:

Notes

Impact on Services: Be aware that removing the AGW might temporarily affect traffic management and load balancing. Plan accordingly to minimize disruptions.

Backup and Recovery: Ensure all relevant data and configurations are backed up before initiating the removal process. In case of any issues, having a backup will facilitate quicker recovery.